FortiWeb is blocking Exchange 2016 traffic and reports it as SQL injection

  • Question

  • Hi all,

    We migrated our Exchange server from 2010 to 2016.

    After completing everything, we faced an issue with Outlook 365 clients only.

    All Outlook 365 clients can't send emails or can't sync folders after the first sync (all folders synced perfectly after first login and can send, but after a while or after restarting Outlook all functions stop).

    We discovered that FortiWeb is blocking all Exchange traffic as an SQL injection attack,

    and every time we add an exception to the signature we receive another SQL injection for the same mailbox.

    FortiWeb OS is 5.9.1, which already contains the Exchange 2016 signature.

    Is there any option to change in Exchange or in FortiWeb to overcome this?

    Thanks in advance

    Wednesday, November 27, 2019 7:26 AM

Answers

  • Hi all,

    We migrated our Exchange server from 2010 to 2016.

    After completing everything, we faced an issue with Outlook 365 clients only.

    All Outlook 365 clients can't send emails or can't sync folders after the first sync (all folders synced perfectly after first login and can send, but after a while or after restarting Outlook all functions stop).

    We discovered that FortiWeb is blocking all Exchange traffic as an SQL injection attack,

    and every time we add an exception to the signature we receive another SQL injection for the same mailbox.

    FortiWeb OS is 5.9.1, which already contains the Exchange 2016 signature.

    Is there any option to change in Exchange or in FortiWeb to overcome this?

    Thanks in advance

    For anyone having this issue, do the following:

    Add a regular expression exclusion on the blocked content on the FortiWeb.

    • Marked as answer by Zaid AlAni Monday, June 15, 2020 4:50 AM
    Monday, June 15, 2020 4:50 AM

All replies

  • Hi,

    Do you have user mailboxes on the Exchange database? Do they have the same issue?

    From your description "we discovered that FortiWeb is blocking all Exchange traffic as an SQL injection attack", you should contact the FortiWeb supplier or SQL Server supporter to get more suggestions and deal with the SQL injection attack issue.

    If the SQL injection attack issue is solved and user mailboxes still cannot work normally, we will help you do more analysis about the Outlook connectivity issue.

    Regards,

    Lydia Zhou


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.

    Thursday, November 28, 2019 2:47 AM
  • Hi Lydia,

    We've contacted FortiWeb. They said that they are aware of this issue but there is no solution from their side; we have to add an exception every time the problem occurs. But some clients solved this issue by changing something in the Exchange environment (they didn't say what).

    The issue happens on some emails with different attack types (mostly SQL injection).

    Do you have any suggestion about what to change? (Outlook Anywhere security is Negotiate.)

    Best regards,

    Zaid 

    Monday, December 2, 2019 8:50 AM
  • Hi Zaid,

    Since this issue is caused by FortiWeb, we know less about the working process or what will be checked and modified by it. You'd better contact them for more explanation about what should be changed on Exchange to solve the FortiWeb issue.

    Regards,

    Lydia Zhou



    Wednesday, December 4, 2019 10:08 AM
  • Are there any updates about this issue? If you have any updates to share, you are welcome to post here.

    Regards,

    Lydia Zhou



    Tuesday, December 10, 2019 11:20 AM